Five reasons fraud rings are hard to spot

Chris Swecker gives advice for spotting the bad guys

By Waynette Tubbs, Risk & Fraud Insights Editor

According to Economy Watch, Russia’s top exports are oil, natural gas, metals, timber and defense equipment. That’s the official story. Unofficially, Russia and its Eastern European neighbors are making big business with a faster growing export – fraud – thanks to the fall of the Berlin Wall, the rise of the Internet and weaknesses in fraud detection.

We need to identify malignant social networks and prioritize linked activities over the one-off, opportunistic fraud that takes place every day

Chris Swecker
25-year veteran of the FBI
Former Head of Security, Bank of America

Why even the most audacious fraud rings are tough to spot

Fraud detection and investigation units operate in silos. A large institution or law enforcement agency might have dozens of databases, components and watch lists that are not consolidated – no big-picture perspective.

Big ears, tiny brains. Fraud detection and investigation teams have been taking in a lot of data but very seldom connect it through analytics to identify collusion and aberrant patterns.

There’s not a lot of risk for the bad guys. Criminals who have been in the Gulag are not afraid of US jails. And they know how to use system and process surveillance to stay a step ahead of detection and enforcement.

Many cases aren’t pursued. “Individual fraud cases generally don’t get prosecuted in federal court, not necessarily even in state court,” said Swecker. “You pretty much have to bundle up that fraud and put a bow on it” for a prosecutor to take an interest.

We’re playing Whack a Mole. Investigations can be random; take the next fraud case out of the queue, then the next, instead of prioritizing high-impact cases and identifying clusters of criminal activity.

What works

Break down the silos. Consolidate multiple data sources to be able to connect the dots. Clean, quality data is key to detecting, triaging and investigating suspicious activity that may involve organized crime.

Find the mules. “Even in white-collar crime, you have mules and smurfs, the ant army of little foot soldiers that go out and actually do something,” said Swecker. There’s your opportunity to hook into the larger criminal enterprise.

Find the links. “We’ve been doing detection without context,” said Swecker. “We need to identify malignant social networks and prioritize linked activities over the one-off, opportunistic fraud that takes place every day.

“In a pilot for a large bank, we pooled data from dozens of databases, then had SAS do link analysis to look for fraud rings. Within a couple of days, we identified 40 fraud rings that the bank had been completely blind to until we ran the analytics. If we’d had this kind of firepower when I was working the streets at the Bureau, my hair wouldn’t be as gray as it is now.”

It’s time to take advantage. “These fraud operators are like apex predators,” said Swecker. “Nobody is really proactively hunting them down. They’re operating in a low-risk comfort zone. Maybe we can inject a lot more risk into that environment by going after them as an organizational structure rather than just taking the next one-off, opportunistic case off the queue. Maybe we can find them and hunt them down, instead of waiting to be the next victim.”

Read More

Read the full summary of Chris Swecker’s keynote address at a SAS-sponsored event for fraud managers.